def __call__(self, form, field): schema = PasswordValidator() schema \ .min(6) \ .has().digits() if not schema.validate(field.data): raise ValidationError(self.message)
def __call__(self, form: FlaskForm, field: Field): the_schema = PasswordValidator() the_schema \ .min(8) \ .has().lowercase() \ .has().digits() if not the_schema.validate(field.data): raise ValidationError(self.message)
def register(): error_list = [] form = RegistrationForm() if request.method == 'POST': #print(request.form['user_name']) try: user_name = form.user_name.data password = form.password.data if len(user_name) < 3: #print("a") if len(user_name) == 0: error_list.append('Your username is required.') else: error_list.append('Your username is too short.') schema = PasswordValidator() schema.min(8) \ .has().uppercase() \ .has().lowercase() \ .has().digits() if not schema.validate(password): #print("b") if len(password) == 0: error_list.append("Your password is required.") error_list.append('Your password is invalid, please refer to Account notes.') #print(error_list) if len(error_list) == 0: services.add_user(user_name, password, repo.repo_instance) # All is well, redirect the user to the login page. return redirect(url_for('authen_bp.login')) else: return render_template( 'authen/credentials.html', title='Register', form=form, error_list=error_list, handler_url=url_for('authen_bp.register'), ) except services.NameNotUniqueException: error_list.append("Your username is already taken - please supply another.") # For a GET or a failed POST request, return the Registration Web page. return render_template( 'authen/credentials.html', title='Register', form=form, error_list=error_list, handler_url=url_for('authen_bp.register'), )
class SqlManager: def __init__(self): self.conn = conn self.cursor = conn.cursor() self.pass_validator = PasswordValidator() self.pass_hash = PassHasher() def create_structure(self): with open(SQL_STRUCTURE_FILE) as f: sql_file = f.read() self.cursor.executescript(sql_file) def change_message(self, new_message, logged_user): update_sql = '''UPDATE clients SET message = ? WHERE id = ?''' self.cursor.execute(update_sql, (new_message, logged_user.get_id())) self.conn.commit() logged_user.set_message(new_message) def change_pass(self, new_pass, logged_user): if self.pass_validator.validate(logged_user.get_username(), new_pass): user_pass, user_salt = self.pass_hash.make_pass(new_pass) else: raise StrongPasswordError update_sql = '''UPDATE clients SET password =?, salt =? WHERE id =?''' self.cursor.execute(update_sql, (user_pass, user_salt, logged_user.get_id())) self.conn.commit() def register(self, username, password): if self.pass_validator.validate(username, password): user_pass, user_salt = self.pass_hash.make_pass(password) else: return False insert_sql = '''INSERT INTO clients (username, password, salt) VALUES (?, ?, ?)''' self.cursor.execute(insert_sql, (username, user_pass, user_salt)) self.conn.commit() def __get_salt(self, username): sql = '''SELECT username, password, salt FROM clients WHERE username =?''' self.cursor.execute(sql, (username, )) data = self.cursor.fetchone() if data is None: return None else: return data['salt'] def _login(self, username): if not self._is_blocked(username): def _is_blocked(self, username): client_id = self.get_client_id_by_username(username) now = datetime.datetime.now() sql = '''SELECT id, block_end FROM blocked_users WHERE client_id=? ORDER BY id DESC LIMIT 1''' self.cursor.execute(sql, (client_id, )) result = self.cursor.fetchone() if result is None: return False return (now, result['blocked_end']) def block_user(self, username): start = datetime.datetime.now() end = start + BLOCK_TIME client_id = self.get_client_id_by_username(username) sql = '''INSERT INTO blocked_users (client_id, blocked_start, blocked_end) VALUES (?, ?, ?)''' def create_login_attempt(self, username, password, status='FAIL'): login_attempts = BLOCK_ATTEMPTS if self.pass_validator.validate(username, password): status = 'SUCCEED' else: if login_attempts > 0: login_attempts -= 1 else: status = 'BLOCKED' client_id = self.get_client_id_by_username(username) now = datetime.datetime.now() sql = '''INSERT INTO login_attemps (client_id, attempt_status, time_stamp) values (?, ?, ?)''' self.cursor.execute(sql, (client_id, status, now)) def login(self, username, password): self._login(username) data = self.__get_salt(username) if data is None: return False select_query = '''SELECT id, username, balance, message FROM clients WHERE username =? AND password =? LIMIT 1''' passkey = self.pass_hash.make_pass(password, data) self.cursor.execute(select_query, (username, passkey[0])) user = self.cursor.fetchone() if(user): return Client(user[0], user[1], user[2], user[3]) else: return False def get_client_id_by_username(self, username): sql = '''SELECT id from clients where username=? ''' self.cursor.execute(sql, (username, )) result = self.cursor.fetchone() return result['id']